Isolated clients with WireGuard

The WireGuard VPN doesn’t isolate clients by default. If you want to enable client isolation, you can do so via the following iptables rules:

iptables -I FORWARD -i wg0 -o wg0 -j REJECT --reject-with icmp-admin-prohibited
ip6tables -I FORWARD -i wg0 -o wg0 -j REJECT --reject-with icmp6-adm-prohibited

If you want to relax the rules for certain clients, you can do as follows (where CLIENT refers to the client and NETWORK to the WireGuard VPN network):

iptables -I FORWARD -i wg0 -s CLIENT -d NETWORK -j ACCEPT
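One way to apply these rules idempotently, as an added example that is not part of the original post: it assumes the interface `wg0`, constructed sample addresses and a hypothetical script name `isolate.sh`. It goes beyond the post by choosing ip6tables for IPv6 exceptions and by adding a conntrack rule so that replies to an allowed client are not rejected.

```shell
#!/bin/sh
# Added example (not from the original post): idempotent WireGuard client isolation.

# ensure_rule TOOL RULE...: insert RULE at the top of FORWARD unless it already exists.
ensure_rule() {
    tool=$1; shift
    "$tool" -C FORWARD "$@" 2>/dev/null || "$tool" -I FORWARD "$@"
}

# isolate_clients IFACE: reject forwarding between peers on IFACE (IPv4 and IPv6).
# Run this before allow_client, because every -I lands above the earlier rules.
isolate_clients() {
    ensure_rule iptables  -i "$1" -o "$1" -j REJECT --reject-with icmp-admin-prohibited
    ensure_rule ip6tables -i "$1" -o "$1" -j REJECT --reject-with icmp6-adm-prohibited
    # Assumption beyond the post: let replies to already-accepted flows back through,
    # otherwise an exception from allow_client only works in one direction.
    ensure_rule iptables  -i "$1" -o "$1" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    ensure_rule ip6tables -i "$1" -o "$1" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# allow_client IFACE CLIENT NETWORK: let CLIENT open connections to NETWORK.
# An address containing ':' is treated as IPv6.
allow_client() {
    case $2 in
        *:*) family=ip6tables ;;
        *)   family=iptables ;;
    esac
    ensure_rule "$family" -i "$1" -s "$2" -d "$3" -j ACCEPT
}

# Apply only when called as: sh isolate.sh apply   (hypothetical file name, needs root)
if [ "${1:-}" = "apply" ]; then
    isolate_clients wg0
    allow_client wg0 10.0.0.2 10.0.0.0/24   # constructed sample addresses
fi
```

Because each rule is checked with `-C` before it is inserted, the script can be run again after an interface restart without stacking duplicate rules.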


2020-02-02 14:03 +0000